Identification
According to Article 3 of the Anti-Money Laundering Act (AMLA), the identification of a bank customer aims at determining their true identity. In contrast to identification, authentication is not limited to natural or legal persons.
Authentication
Authentication refers to the process of checking a claim made by a person towards a legal entity or a system, e.g. a computer program. A login is a widely-known method of authentication: a user claims to be registered under a particular username. In the most straightforward scenario, the check is based on the assumption that only the real user knows a specific secret; for example, a password. This simple procedure is sometimes supplemented by objects (smartcards, SIM cards, etc.) and/or biometric data (fingerprints, facial or voice recognition, etc.).
How reliable is facial recognition?
Biometric characteristics are likely to play a significant role in identifying customers and partners in future. Using FaceNet, Google was able to identify 750,000 out of a million faces – 75%.
New rules for facial recognition
Apple has now changed the rules of the game and claims to have achieved a false acceptance rate of 1:1,000,000 with its new Face ID on the iPhone X. The new rules focus on 3D and hardware.
With 3D and hardware
Rather than recognizing objects in two-dimensional images, special hardware captures and compares three-dimensional facial contours using adaptive pattern recognition (pattern matching). The possibility of capturing and securely storing facial contours and other biometric characteristics using a personal device also raises interesting questions with regard to data security.
What is authorization?
In information security, authorization refers to which access rights an authenticated user has to particular objects; for example, the ability to read and change certain files.
